Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/5AY_kiHmUfszrCzb3ld3cJ1gmE0.roa
File:                     5AY_kiHmUfszrCzb3ld3cJ1gmE0.roa (raw, json)
Hash identifier:          RwtZtT7abZlFgAzYeQ5wt9aWiXUmMVYu3OkxZ/P7c5A=
Subject key identifier:   E4:06:3F:92:21:E6:51:FB:33:AC:2C:DB:DE:57:77:70:9D:60:98:4D
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019768266BEEAF25BB0B8F83D673AC76498A
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/5AY_kiHmUfszrCzb3ld3cJ1gmE0.roa
Signing time:             Fri 13 Jun 2025 07:17:17 +0000
ROA not before:           Fri 13 Jun 2025 07:17:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214802
IP address blocks:        82.177.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:68:26:6b:ee:af:25:bb:0b:8f:83:d6:73:ac:76:49:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jun 13 07:17:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4063f9221e651fb33ac2cdbde5777709d60984d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:15:51:f3:c1:4e:be:ed:2d:43:ad:b6:2b:d7:
                    bc:03:61:23:8b:74:de:b2:72:da:38:04:c2:80:51:
                    6b:87:04:f7:30:59:4a:6e:88:09:da:a9:0d:b6:f4:
                    39:82:e8:c1:1d:a0:4a:fe:16:c2:29:b9:08:88:fc:
                    ad:b2:e2:d9:32:5a:8a:8e:09:76:21:29:70:65:4e:
                    36:5a:0b:f0:b6:8c:4c:bd:35:da:62:d6:9b:97:44:
                    87:59:e0:2b:24:78:18:e5:86:50:48:ad:f7:d6:27:
                    2a:8b:48:61:76:fc:9f:2d:cc:42:ce:ad:da:39:db:
                    43:4d:86:40:cf:81:0c:49:3d:c0:83:63:a8:8e:b7:
                    b7:0c:8b:b9:d4:79:51:f3:64:89:f9:2b:91:c7:f6:
                    02:95:80:57:fe:70:ae:64:48:c0:e5:7a:38:62:22:
                    77:4e:72:b7:0c:17:e9:19:44:be:7b:50:6a:46:bd:
                    4b:3d:79:d1:0d:89:cc:20:de:43:e9:77:0f:d8:29:
                    b0:e2:8f:01:e5:d8:8d:b6:3e:0e:3a:35:29:ec:ad:
                    3b:d6:f5:0f:1f:19:14:eb:f6:b0:b1:5e:92:9d:3e:
                    86:71:7d:ed:48:71:5a:37:ff:6a:20:7d:da:32:9b:
                    4a:6e:45:16:e1:ad:29:e9:09:bb:1b:b3:a8:34:eb:
                    ba:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:06:3F:92:21:E6:51:FB:33:AC:2C:DB:DE:57:77:70:9D:60:98:4D
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/5AY_kiHmUfszrCzb3ld3cJ1gmE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:a7:eb:3b:3a:96:34:ac:25:5d:1a:9a:0e:80:39:c2:5f:03:
         88:a8:9b:02:c3:24:5c:8f:e1:59:97:d1:09:38:9f:87:c4:91:
         db:14:a0:71:6f:49:2f:9a:a9:84:0f:1b:bc:60:a5:3e:0a:36:
         d0:e3:a7:32:ee:74:6f:aa:32:b2:87:65:67:7f:4e:41:5d:b7:
         84:ce:6f:f6:40:5e:5a:1e:8b:86:a1:9b:eb:bd:43:bb:8f:4d:
         f4:b8:ab:4a:60:3a:98:c0:3f:3b:0e:03:8b:6a:af:82:7e:ea:
         34:a4:e4:99:f5:04:2e:0d:db:42:4b:fc:be:2d:d3:99:b3:e1:
         b4:dd:dc:17:a4:8a:82:ac:9a:61:49:d8:47:7a:aa:50:b7:65:
         8b:87:7b:f0:54:96:37:70:65:b9:41:68:17:8e:87:1a:71:43:
         34:cc:1a:0a:f2:a0:15:8d:73:14:54:87:95:54:14:4e:b6:e3:
         aa:39:14:2e:b9:88:3c:68:ab:ff:ff:d2:2d:75:8c:06:3b:c0:
         f4:ec:77:45:da:48:ad:88:df:b3:65:55:63:31:72:3e:c9:30:
         8b:dd:8d:a8:66:26:d8:4a:43:0c:e8:7a:06:61:b9:01:b5:d6:
         a2:06:7d:62:f9:cb:65:c1:70:d5:97:af:63:8e:16:cb:9a:d5:
         6e:5b:18:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdoJmvuryW7C4+D1nOsdkmKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwNjEzMDcxNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDA2M2Y5MjIxZTY1MWZiMzNhYzJjZGJkZTU3Nzc3MDlkNjA5ODRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhVR88FOvu0tQ622K9e8A2Eji3Te
snLaOATCgFFrhwT3MFlKbogJ2qkNtvQ5gujBHaBK/hbCKbkIiPytsuLZMlqKjgl2
ISlwZU42WgvwtoxMvTXaYtabl0SHWeArJHgY5YZQSK331icqi0hhdvyfLcxCzq3a
OdtDTYZAz4EMST3Ag2Oojre3DIu51HlR82SJ+SuRx/YClYBX/nCuZEjA5Xo4YiJ3
TnK3DBfpGUS+e1BqRr1LPXnRDYnMIN5D6XcP2Cmw4o8B5diNtj4OOjUp7K071vUP
HxkU6/awsV6SnT6GcX3tSHFaN/9qIH3aMptKbkUW4a0p6Qm7G7OoNOu6nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQGP5Ih5lH7M6ws295Xd3CdYJhNMB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvNUFZX2tpSG1VZnN6ckN6YjNsZDNjSjFnbUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUrE4MA0G
CSqGSIb3DQEBCwUAA4IBAQBqp+s7OpY0rCVdGpoOgDnCXwOIqJsCwyRcj+FZl9EJ
OJ+HxJHbFKBxb0kvmqmEDxu8YKU+CjbQ46cy7nRvqjKyh2Vnf05BXbeEzm/2QF5a
HouGoZvrvUO7j030uKtKYDqYwD87DgOLaq+Cfuo0pOSZ9QQuDdtCS/y+LdOZs+G0
3dwXpIqCrJphSdhHeqpQt2WLh3vwVJY3cGW5QWgXjocacUM0zBoK8qAVjXMUVIeV
VBROtuOqORQuuYg8aKv//9ItdYwGO8D07HdF2kitiN+zZVVjMXI+yTCL3Y2oZibY
SkMM6HoGYbkBtdaiBn1i+ctlwXDVl69jjhbLmtVuWxje
-----END CERTIFICATE-----